unix accounts with postfix's virtual hosts

[Red Swift]

Morning all! Can someone describe to me the use of user accounts with Postfix daemon when configured for virtual domain hosting?

Where do incoming emails go for each domain?
Do I have to have a user account strategy to store emails in their home directory?
<sigh>How will this user account work with Dovecot, sasl, ssl, etc?</sigh>

Would appreciate any pointers outside of the regular tutorials I've seen.

[smr54]

There's some older tutorials at freebsddiary.org that did the virtualhosts thing pretty well, IMHO, despite being from 2002 and of course, having a bit to do with installing on BSD rather than Linux. (For example, in FreeBSD, most things are in /usr/local, so where he says /usr/local/etc in Fedora it would be /etc.

There's a few good postfix tutorials, including ssl with dovecot on the CentOS wiki

http://wiki.centos.org/HowTos

Look for the section on email.

I'm not sure if any of these actually cover your situation, so, no guarantees on this one.

[Red Swift]

Nice smr54! The sites do have some good details and it's material I am familar with, thanks!
http://wiki.centos.org/HowTos/postfix
http://www.freebsddiary.org/

But how is your experience with user accounts and virtual domains? I would like to use as few user accounts on my Fedora system as possible. Yet this doesn't seem to be a feasible direction.

Do you know what to expect when I have system accounts and pop3/imap login accounts?

[smr54]

To be honest, I haven't done postfix with virtual domains in years, so I'm afraid I don't remember. Seems to me i have an ancient article of my own somewhere---ah, http://home.roadrunner.com/~computer...u/postfix.html
but a quick glance indicates that it doesn't cover that--I'm pretty sure, that back when I set it up, we didn't use the machine accounts.

[Doug G]

Check out ispconfig3 and how it configures postfix/dovecot on fedora. It sets up virtual domains and users using mysql. Incoming mail ends up in /var/vmail/<domain>/ in Maildir format. It works well, I use ispconfig3 for my own mail.

[William Haller]

I just set up a server with postfix, dovecot, SA, milter-greylist, and clamav. The only tricky part was figuring out a way to handle user aliases with procmail enabled. The trick I ended up using there was creating symbolic links from the alias to the real mailbox. There may be a better way, but that ended up working. This was on CentOS 6, but should be similar on Fedora since they are closer in sync now. We pull all information from a directory server with a script instead of using MySQL, but I'm sure that approach would work fine as well.

You only need one account for a vmail user/group using this approach. Just set up the right path to the home directory in their vmailbox so each user gets their own.

vhosts
--------
the domain name on one line

vmailbox
----------
user_real_name@domain domain/user_real_name/mail/
user_alias@domain domain/user_real_name/mail/


valias
-------
All the required mailing lists for the domain
list@domain user1@domain,user2@domain,user3@domain


vmailbox_uid
root@domain his_uid
@domain vmail's uid

same with the vmailbox_gid file

set up a network table with local networks, a black and white map, a mapping table for the local users (root@domain) to point to whoever gets the mail for that account, and you're set - in our case we pull all authentication from the directory server, including SASL auth for relay security, and map dovecot against the same thing. That way we just update the directory server with new account information and group updates and everything else authenticates against that. The other steps come from the online tutorials nicely but maybe this will save you a few steps.

Everything went smoothly here except for the procmail part - I ended up setting the mailboxes in that via $HOME/$DOMAIN/$USER/mail/ passing the information in via master.cf and at the end included the user procmailrc file for final processing. We have control over the contents of these but we use them for automated vacation processing messages so needed procmail to work. We also filter on some common SA outputs and redirect mail automatically to junk folders for some input mails via procmail.

[Red Swift]

Excellent posts everyone!
I can descrease the workload by refering to IspConfig; was not aware of this package.

Still, I will have a number of local accounts, at least one for each virtual domain, hmm. And using a different mda (e.g procmail) is fine with Postfix? Ok, I hope to discover why that is, as I would be comfortable using the internal mda to Postfix. Does high traffic volume require a change or is it the features of Procmail?

So Dovecot, when authenticating, won't be using system user accounts. That is a measure of relief, once I finish with experimenting using local files and move to database mappings with no additional uid/gid to manage.

[William Haller]

I'd stick with the usual virtual mda - it works fine without any tweaking. If you need the functionality of procmail for automatic sorting of messages (we did) then it gets more complicated. Stick with the normal virtual delivery agent if possible. It is much faster for delivery as I understand it because procmail needs to configure the agent to just handle one message at a time.

Postfix will also reverse map a local user to appear to be coming from a virtual domain - see the smtp_generic_maps parameter.

[Doug G]

ispconfig3 only uses a single unix account for all email domains and users. Perhaps you looked at the older but still released ispconfig2 package. I have quite a few email domains and users on a single ispconfig3 fedora server, email runs entirely under a single vmail linux user account.

[Red Swift]

Yes, that does appear to be the most desirable course. Especially after a poking and proding Postfix with different users and groupings; I have no more experiments for user setups.

No, I haven't looked at Ispconfig2 specifically, but I will before moving on to the latest version.

<shuffleDance>Ok! Great discussion and thanks for the suggestions</shuffleDance>

[Doug G]

Quote:

No, I haven't looked at Ispconfig2 specifically, but I will before moving on to the latest version.

Just to be clear, I don't think you want ispconfig2. ispc2 requires a unix user account for each mailbox. ispc3 uses virtual users for mailboxes.

The folks that created ispconfig3 have nice tutorials called "the perfect server ...' for different ispc and linux setups. Look for the perfect server tutorial for ispconfig3 on fedora 15 and you can see what yum packages they used for the ispc3 email configuration.